TLS

You can secure an Ingress by specifying a secret containing TLS pem or by referring a certificates.voyager.appscode.com resource.
certificates.voyager.appscode.com can manage an certificate resource and use that certificate to encrypt communication.

This tutorial will show you how to secure an Ingress using TLS/SSL certificates.

Before You Begin

At first, you need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube.

This Ingress will open an https listener to secure the channel from the client to the loadbalancer,
terminate TLS at load balancer with the secret retried via SNI and forward unencrypted traffic to the
test-service.

Secure TCP Service

Adding a TCP TLS termination at Voyager Ingress is slightly different than HTTP, as TCP mode does not have
SNI support. A TCP endpoint with TLS termination, will look like this in Voyager Ingress:

port 443: This is used by spec.rules[0]. Passes traffic to pods behind test-server:80. Uses TLS, since spec.TLS has a matching host.

port 80: This is used by spec.rules[1]. Passes traffic to pods behind test-server:80. Uses no TLS, even though spec.TLS has a matching host. This is because http.noTLS is set to true for this rule.

port 7878: This is used by spec.rules[2]. Passes traffic to pods behind tcp-service:50077. Uses TLS, since spec.TLS has a matching host.

port 7880: This is used by spec.rules[3]. Passes traffic to pods behind tcp-service:50077. Uses no TLS, even though spec.TLS has a matching host. This is because tcp.noTLS is set to true for this rule.

Cleaning up

To cleanup the Kubernetes resources created by this tutorial, run:

kubectl delete ns demo

If you would like to uninstall Voyager operator, please follow the steps here.

Take your team where it needs to go.

Create your cluster in minutes. Our team is here to help and would be happy to chat with you.